From 00090170f96ae43f521ce29a3731859ca5f6738a Mon Sep 17 00:00:00 2001
From: Matthew Somerville
Date: Wed, 17 Dec 2014 11:21:28 +0000
Subject: Version 1.5.2. Includes: * [UK] Don't show topic form field when reporting abuse. * Use token in moderation response URL to prevent hidden report leak. * Make sure successful submission page is full width.
---
 perllib/FixMyStreet/App/Controller/Moderate.pm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'perllib/FixMyStreet/App/Controller/Moderate.pm')
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm
index 9c10ae36a..ad293fbd7 100644
--- a/perllib/FixMyStreet/App/Controller/Moderate.pm
+++ b/perllib/FixMyStreet/App/Controller/Moderate.pm
@@ -105,6 +105,11 @@ sub report_moderate_audit : Private {
 my $sender = FixMyStreet->config('DO_NOT_REPLY_EMAIL');
 my $sender_name = _($cobrand->contact_name);
+ my $token = $c->model("DB::Token")->create({
+ scope => 'moderation',
+ data => { id => $problem->id }
+ });
+
 $c->send_email( 'problem-moderated.txt', {
 to => [ [ $user->email, $user->name ] ],
@@ -113,7 +118,7 @@ sub report_moderate_audit : Private {
 user => $user,
 problem => $problem,
 report_uri => $c->stash->{report_uri},
- report_complain_uri => $c->stash->{cobrand_base} . '/contact?m=1&id=' . $problem->id,
+ report_complain_uri => $c->stash->{cobrand_base} . '/contact?m=' . $token->token,
 });
 }
-- 
cgit v1.2.3
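Review bot: The token row created by the added `$c->model("DB::Token")->create({...})` call has no visible expiry or cleanup, and nothing in the hunk records why it exists; a comment above the call would help, e.g. `# Unguessable token so the complaint link does not expose the hidden report's id`. The row is written before `$c->send_email` runs, so a failed send would presumably leave an unused token behind. Whether `DB::Token` rows in the `moderation` scope are ever expired or consumed is not visible here. The body of `report_moderate_audit` begins before this hunk and continues past it.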
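Review bot: The new `report_complain_uri` value only closes the leak if the `/contact` handler resolves `m` strictly as a token in the `moderation` scope and no longer honours a caller-supplied `id` for hidden reports; that handler is outside this diff (which is limited to Moderate.pm), so it should be confirmed there. Links already mailed in the old `m=1&id=` form will either keep working, and keep the exposure, or stop working, and a one-line comment saying which was chosen would help the next maintainer. The token is also concatenated into the query string unescaped, which is fine only if the token alphabet is URL-safe; presumably it is, but the hunk does not show it.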